jitsimeet_ prefix for vars + ansible.builtin. prefix for modules

webapps/jitsimeet/LISEZMOI.md

@@ -29,7 +29,7 @@ Exemple de playbook
     - all
   vars:
     # Supplanter ici les variables du rôle
-    domains: ['votre-vrai-domaine.org']
+    jitsimeet_domains: ['votre-vrai-domaine.org']
     service: 'mon-jitsimeet'
 
   roles:

webapps/jitsimeet/README.md

@@ -29,7 +29,7 @@ Example Playbook
     - all
   vars:
     # Overwrite the role variables here
-    domains: ['your-real-domain.org']
+    jitsimeet_domains: ['your-real-domain.org']
     service: 'my-jitsimeet'
 
   roles:

webapps/jitsimeet/defaults/main.yml

@@ -1,16 +1,16 @@
 ---
 # defaults file for main vars
 
-system_dep: "['gnupg2', 'curl', 'apt-transport-https', 'default-jdk', 'lua5.2', 'lua-unbound', 'certbot', 'python3-certbot-nginx']"
+jitsimeet_system_dep: "['gnupg2', 'curl', 'apt-transport-https', 'default-jdk', 'lua5.2', 'lua-unbound', 'certbot', 'python3-certbot-nginx']"
 
-domains: ['jitsi.example.net']
+jitsimeet_domains: ['jitsi.example.net']
-turn_domains: ['turn.jitsi.example.net']
+jitsimeet_turn_domains: ['turn.jitsi.example.net']
-certbot_admin_email: 'security@example.net'
+jitsimeet_certbot_admin_email: 'security@example.net'
 
-jitsi_meet_cert_choice: "Generate a new self-signed certificate (You will later get a chance to obtain a Let's encrypt certificate)"
+jitsimeet_cert_choice: "Generate a new self-signed certificate (You will later get a chance to obtain a Let's encrypt certificate)"
-jitsi_meet_ssl_cert_path: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
+jitsimeet_ssl_cert_path: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
-jitsi_meet_ssl_key_path: "/etc/ssl/private/ssl-cert-snakeoil.key"
+jitsimeet_ssl_key_path: "/etc/ssl/private/ssl-cert-snakeoil.key"
-jitsi_meet_turn_secret: "YOU_ABSOLUTELY_MUST_CHANGE_ME"
+jitsimeet_turn_secret: "YOU_ABSOLUTELY_MUST_CHANGE_ME"
-jitsi_meet_jvb_secret: "NOT_CHANGING_ME_IS_SUPER_UNCOOL"
+jitsimeet_jvb_secret: "NOT_CHANGING_ME_IS_SUPER_UNCOOL"
-jitsi_meet_jvb_muc_nick: "1899aaf3-3991-4770-9c8c-113906dc0a2e"
+jitsimeet_jvb_muc_nick: "1899aaf3-3991-4770-9c8c-113906dc0a2e"
-colibri_ext_port: '8443'
+jitsimeet_colibri_ext_port: '8443'

webapps/jitsimeet/tasks/main.yml

@@ -1,8 +1,8 @@
 ---
 # tasks file for jitsimeet install
 
-- name: Set FQDN
+#- name: Set FQDN
-  command: "hostnamectl set-hostname {{ domains | first }}"
+#  ansible.builtin.command: "hostnamectl set-hostname {{ jitsimeet_domains | first }}"
 
 - name: Add Prosody apt repository key
   ansible.builtin.get_url:
@@ -12,7 +12,12 @@
     force: true
 
 - name: Add Jitsi Meet apt repository key + dearmor hack
-  shell: curl -sL https://download.jitsi.org/jitsi-key.gpg.key | sh -c 'gpg --dearmor > /etc/apt/trusted.gpg.d/jitsimeet.gpg'
+  ansible.builtin.shell: curl -sL https://download.jitsi.org/jitsi-key.gpg.key | sh -c 'gpg --dearmor > /etc/apt/trusted.gpg.d/jitsimeet.gpg'
+
+- name: Adjust permissions of gpg key
+  ansible.builtin.file:
+    path: /etc/apt/trusted.gpg.d/jitsimeet.gpg
+    mode: '0644'
 
 - name: Add Prosody apt repository
   ansible.builtin.apt_repository:
@@ -26,7 +31,7 @@
 
 - name: Install system dependencies
   ansible.builtin.apt:
-    name: "{{ system_dep }}"
+    name: "{{ jitsimeet_system_dep }}"
     state: present
     update_cache: true
 
@@ -39,23 +44,23 @@
   loop:
     - name: jitsi-videobridge2
       question: jitsi-videobridge/jvb-hostname
-      value: "{{ domains | first }}"
+      value: "{{ jitsimeet_domains | first }}"
       vtype: string
     - name: jitsi-meet-web-config
       question: jitsi-meet/cert-choice
-      value: "{{ jitsi_meet_cert_choice }}"
+      value: "{{ jitsimeet_cert_choice }}"
       vtype: string
     - name: jitsi-meet-web-config
       question: jitsi-meet/cert-path-crt
-      value: "{{ jitsi_meet_ssl_cert_path }}"
+      value: "{{ jitsimeet_ssl_cert_path }}"
       vtype: string
     - name: jitsi-meet-web-config
       question: jitsi-meet/cert-path-key
-      value: "{{ jitsi_meet_ssl_key_path }}"
+      value: "{{ jitsimeet_ssl_key_path }}"
       vtype: string
     - name: jitsi-meet-prosody
       question: jitsi-meet-prosody/turn-secret
-      value: "{{ jitsi_meet_turn_secret }}"
+      value: "{{ jitsimeet_turn_secret }}"
       vtype: string
 
 - name: Install Jitsi Meet
@@ -70,7 +75,7 @@
     state: present
 
 - name: Add certs dir for coturn/letsencrypt if needed
-  file:
+  ansible.builtin.file:
     path: "{{ item.path }}"
     state: directory
     mode: "{{ item.mode }}"
@@ -83,7 +88,7 @@
     - { path: '/etc/letsencrypt/renewal-hooks/deploy', owner: "root", group: "root", mode: "0700" }
 
 - name: Template config files
-  template:
+  ansible.builtin.template:
     src: "{{ item.src }}"
     dest: "{{ item.dest }}"
     owner: "{{ item.owner }}"
@@ -92,10 +97,10 @@
   loop:
     - { src: 'videobridge/jvb.conf.j2', dest: "/etc/jitsi/videobridge/jvb.conf", owner: "jvb", group: "jitsi", mode: "0640" }
     - { src: 'videobridge/sip-communicator.properties.j2', dest: "/etc/jitsi/videobridge/sip-communicator.properties", owner: "jvb", group: "jitsi", mode: "0640" }
-    - { src: 'meet/config.js.j2', dest: "/etc/jitsi/meet/{{ domains | first }}-config.js", owner: "root", group: "root", mode: "0644" }
+    - { src: 'meet/config.js.j2', dest: "/etc/jitsi/meet/{{ jitsimeet_domains | first }}-config.js", owner: "root", group: "root", mode: "0644" }
-    - { src: 'meet/interface_config.js.j2', dest: "/etc/jitsi/meet/{{ domains | first }}-interface_config.js", owner: "root", group: "root", mode: "0644" }
+    - { src: 'meet/interface_config.js.j2', dest: "/etc/jitsi/meet/{{ jitsimeet_domains | first }}-interface_config.js", owner: "root", group: "root", mode: "0644" }
     - { src: 'meet/welcomePageAdditionalContent.html.j2', dest: "/etc/jitsi/meet/welcomePageAdditionalContent.html", owner: "root", group: "root", mode: "0644" }
-    - { src: 'prosody/virtualhost.cfg.lua.j2', dest: "/etc/prosody/conf.avail/{{ domains | first }}.cfg.lua", owner: "root", group: "root", mode: "0644" }
+    - { src: 'prosody/virtualhost.cfg.lua.j2', dest: "/etc/prosody/conf.avail/{{ jitsimeet_domains | first }}.cfg.lua", owner: "root", group: "root", mode: "0644" }
     - { src: 'coturn/turnserver.conf.j2', dest: "/etc/turnserver.conf", owner: "root", group: "turnserver", mode: "0640" }
     - { src: 'certbot/coturn-certbot-deploy.sh.j2', dest: "/etc/letsencrypt/renewal-hooks/deploy/coturn-certbot-deploy.sh", owner: "root", group: "root", mode: "0700" }
 
@@ -110,10 +115,10 @@
         }
 
 - name: Unregister default jvb account in prosody
-  ansible.builtin.command: prosodyctl unregister jvb auth.{{ domains | first }}
+  ansible.builtin.command: prosodyctl unregister jvb auth.{{ jitsimeet_domains | first }}
 
 - name: Register jvb account in prosody (with proper secret)
-  ansible.builtin.command: prosodyctl register jvb auth.{{ domains | first }} {{ jitsi_meet_jvb_secret }}
+  ansible.builtin.command: prosodyctl register jvb auth.{{ jitsimeet_domains | first }} {{ jitsimeet_jvb_secret }}
 
 - name: Restart prosody
   ansible.builtin.service:
@@ -131,75 +136,75 @@
     state: restarted
 
 - name: Check if SSL certificate is present and register result
-  stat:
+  ansible.builtin.stat:
-    path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem"
+    path: "/etc/letsencrypt/live/{{ jitsimeet_domains |first }}/fullchain.pem"
   register: ssl
 
 - name: Generate certificate only if required (first time)
   block:
   - name: Template vhost without SSL for successfull LE challengce
-    template: 
+    ansible.builtin.template: 
       src: "nginx/vhost.conf.j2"
-      dest: "/etc/nginx/sites-available/{{ domains |first }}.conf"
+      dest: "/etc/nginx/sites-available/{{ jitsimeet_domains |first }}.conf"
   - name: Enable temporary nginx vhost
-    file:
+    ansible.builtin.file:
-      src: "/etc/nginx/sites-available/{{ domains |first }}.conf"
+      src: "/etc/nginx/sites-available/{{ jitsimeet_domains |first }}.conf"
-      dest: "/etc/nginx/sites-enabled/{{ domains |first }}.conf"
+      dest: "/etc/nginx/sites-enabled/{{ jitsimeet_domains |first }}.conf"
       state: link
   - name: Reload nginx conf
-    service:
+    ansible.builtin.service:
       name: nginx
       state: reloaded
   - name: Make sure /var/lib/letsencrypt exists and has correct permissions
-    file: 
+    ansible.builtin.file: 
       path: /var/lib/letsencrypt
       state: directory
       mode: '0755'
   - name: Generate certificate with certbot
-    shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ certbot_admin_email }} -d {{ domains |first }}
+    ansible.builtin.shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ jitsimeet_certbot_admin_email }} -d {{ jitsimeet_domains |first }}
   when: ssl.stat.exists != true
 
 - name: (Re)check if SSL certificate is present and register result
-  stat:
+  ansible.builtin.stat:
-    path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem"
+    path: "/etc/letsencrypt/live/{{ jitsimeet_domains |first }}/fullchain.pem"
   register: ssl
 
 - name: (Re)template conf file for nginx vhost with SSL
-  template:
+  ansible.builtin.template:
     src: "{{ item.src }}"
     dest: "{{ item.dest }}"
   loop:
-    - { src: 'nginx/vhost.conf.j2', dest: "/etc/nginx/sites-available/{{ domains |first }}.conf" }
+    - { src: 'nginx/vhost.conf.j2', dest: "/etc/nginx/sites-available/{{ jitsimeet_domains |first }}.conf" }
     - { src: 'nginx/multiplex.conf.j2', dest: '/etc/nginx/modules-available/multiplex.conf' }
 
 - name: Enable multiplex module conf
-  file:
+  ansible.builtin.file:
     src: '/etc/nginx/modules-available/multiplex.conf'
     dest: '/etc/nginx/modules-enabled/multiplex.conf'
     state: link
 
 - name: Enable nginx vhost
-  file:
+  ansible.builtin.file:
-    src: "/etc/nginx/sites-available/{{ domains |first }}.conf"
+    src: "/etc/nginx/sites-available/{{ jitsimeet_domains |first }}.conf"
-    dest: "/etc/nginx/sites-enabled/{{ domains |first }}.conf"
+    dest: "/etc/nginx/sites-enabled/{{ jitsimeet_domains |first }}.conf"
     state: link
 
 - name: Reload nginx conf
-  service:
+  ansible.builtin.service:
     name: nginx
     state: reloaded
 
 - name: Check if SSL certificate for coturn is present and register result
-  stat:
+  ansible.builtin.stat:
-    path: "/etc/coturn/certs/{{ turn_domains |first }}.crt"
+    path: "/etc/coturn/certs/{{ jitsimeet_turn_domains |first }}.crt"
   register: ssl_coturn
 
 - name: Generate certificate for coturn with certbot
-  shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --deploy-hook /etc/letsencrypt/renewal-hooks/deploy/coturn-certbot-deploy.sh --agree-tos --email {{ certbot_admin_email }} -d {{ turn_domains |first }}
+  ansible.builtin.shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --deploy-hook /etc/letsencrypt/renewal-hooks/deploy/coturn-certbot-deploy.sh --agree-tos --email {{ jitsimeet_certbot_admin_email }} -d {{ jitsimeet_turn_domains |first }}
   when: ssl_coturn.stat.exists != true 
 
 - name: Setup other domains if any
   include_tasks: other_domains.yml
-  loop: "{{ domains[1:] }}"
+  loop: "{{ jitsimeet_domains[1:] }}"
   loop_control:
     loop_var: domain

webapps/jitsimeet/tasks/other_domains.yml

@@ -2,7 +2,7 @@
 # tasks file for other domains if any
 
 - name: Template config files
-  template:
+  ansible.builtin.template:
     src: "{{ item.src }}"
     dest: "{{ item.dest }}"
     owner: "{{ item.owner }}"
@@ -13,59 +13,59 @@
     - { src: 'meet/interface_config.js.j2', dest: "/etc/jitsi/meet/{{ domain }}-interface_config.js", owner: "root", group: "root", mode: "0644" }
 
 - name: Check if SSL certificate is present and register result
-  stat:
+  ansible.builtin.stat:
     path: "/etc/letsencrypt/live/{{ domain }}/fullchain.pem"
   register: ssl
 
 - name: Generate certificate only if required (first time)
   block:
   - name: Template vhost without SSL for successfull LE challengce
-    template: 
+    ansible.builtin.template: 
       src: "nginx/other.vhost.conf.j2"
       dest: "/etc/nginx/sites-available/{{ domain }}.conf"
   - name: Enable temporary nginx vhost
-    file:
+    ansible.builtin.file:
       src: "/etc/nginx/sites-available/{{ domain }}.conf"
       dest: "/etc/nginx/sites-enabled/{{ domain }}.conf"
       state: link
   - name: Reload nginx conf
-    service:
+    ansible.builtin.service:
       name: nginx
       state: reloaded
   - name: Make sure /var/lib/letsencrypt exists and has correct permissions
-    file: 
+    ansible.builtin.file: 
       path: /var/lib/letsencrypt
       state: directory
       mode: '0755'
   - name: Generate certificate with certbot
-    shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ certbot_admin_email }} -d {{ domain }}
+    ansible.builtin.shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ jitsimeet_certbot_admin_email }} -d {{ domain }}
   when: ssl.stat.exists != true
 
 - name: (Re)check if SSL certificate is present and register result
-  stat:
+  ansible.builtin.stat:
     path: "/etc/letsencrypt/live/{{ domain }}/fullchain.pem"
   register: ssl
 
 - name: (Re)template conf file for nginx vhost with SSL
-  template:
+  ansible.builtin.template:
     src: "{{ item.src }}"
     dest: "{{ item.dest }}"
   loop:
     - { src: 'nginx/other.vhost.conf.j2', dest: "/etc/nginx/sites-available/{{ domain }}.conf" }
 
 - name: Insert block in multiplex.conf
-  lineinfile:
+  ansible.builtin.lineinfile:
     path: /etc/nginx/modules-enabled/multiplex.conf
     insertafter: "web_backend;"
     line: "{{ domain }} web_backend;"
 
 - name: Enable nginx vhost
-  file:
+  ansible.builtin.file:
     src: "/etc/nginx/sites-available/{{ domain }}.conf"
     dest: "/etc/nginx/sites-enabled/{{ domain }}.conf"
     state: link
 
 - name: Reload nginx conf
-  service:
+  ansible.builtin.service:
     name: nginx
     state: reloaded

webapps/jitsimeet/templates/certbot/coturn-certbot-deploy.sh.j2

@@ -6,7 +6,7 @@ set -e
 
 for domain in $RENEWED_DOMAINS; do
         case $domain in
-        {{ turn_domains | first }})
+        {{ jitsimeet_turn_domains | first }})
                 daemon_cert_root=/etc/coturn/certs
 
                 # Make sure the certificate and private key files are

webapps/jitsimeet/templates/coturn/turnserver.conf.j2

@@ -1,10 +1,10 @@
 # jitsi-meet coturn config. Do not modify this line
 use-auth-secret
 keep-address-family
-static-auth-secret={{ jitsi_meet_turn_secret }}
+static-auth-secret={{ jitsimeet_turn_secret }}
-realm={{ turn_domains | first }}
+realm={{ jitsimeet_turn_domains | first }}
-cert=/etc/coturn/certs/{{ turn_domains | first }}.crt
+cert=/etc/coturn/certs/{{ jitsimeet_turn_domains | first }}.crt
-pkey=/etc/coturn/certs/{{ turn_domains | first }}.key
+pkey=/etc/coturn/certs/{{ jitsimeet_turn_domains | first }}.key
 no-multicast-peers
 no-cli
 #no-loopback-peers

webapps/jitsimeet/templates/meet/config.js.j2

@@ -30,31 +30,31 @@ var config = {
 
     hosts: {
         // XMPP domain.
-        domain: '{{ domains | first }}',
+        domain: '{{ jitsimeet_domains | first }}',
 
         // When using authentication, domain for guest users.
         // anonymousdomain: 'guest.example.com',
 
         // Domain for authenticated users. Defaults to <domain>.
-        // authdomain: '{{ domains | first }}',
+        // authdomain: '{{ jitsimeet_domains | first }}',
 
         // Focus component domain. Defaults to focus.<domain>.
-        // focus: 'focus.{{ domains | first }}',
+        // focus: 'focus.{{ jitsimeet_domains | first }}',
 
         // XMPP MUC domain. FIXME: use XEP-0030 to discover it.
-        muc: 'conference.' + subdomain + '{{ domains | first }}',
+        muc: 'conference.' + subdomain + '{{ jitsimeet_domains | first }}',
     },
 
     // BOSH URL. FIXME: use XEP-0156 to discover it.
-    bosh: 'https://{{ domains | first }}/' + subdir + 'http-bind',
+    bosh: 'https://{{ jitsimeet_domains | first }}/' + subdir + 'http-bind',
 
     // Websocket URL (XMPP)
-    websocket: 'wss://{{ domains | first }}/' + subdir + 'xmpp-websocket',
+    websocket: 'wss://{{ jitsimeet_domains | first }}/' + subdir + 'xmpp-websocket',
 
     // The real JID of focus participant - can be overridden here
     // Do not change username - FIXME: Make focus username configurable
     // https://github.com/jitsi/jitsi-meet/issues/7376
-    // focusUserJid: 'focus@auth.{{ domains | first }}',
+    // focusUserJid: 'focus@auth.{{ jitsimeet_domains | first }}',
 
     // Options related to the bridge (colibri) data channel
     bridgeChannel: {
@@ -302,9 +302,9 @@ var config = {
     //     appKey: '<APP_KEY>', // Specify your app key here.
     //     // A URL to redirect the user to, after authenticating
     //     // by default uses:
-    //     // 'https://{{ domains | first }}/static/oauth.html'
+    //     // 'https://{{ jitsimeet_domains | first }}/static/oauth.html'
     //     redirectURI:
-    //          'https://{{ domains | first }}/subfolder/static/oauth.html',
+    //          'https://{{ jitsimeet_domains | first }}/subfolder/static/oauth.html',
     // },
 
     // recordingService: {
@@ -947,7 +947,7 @@ var config = {
         // The STUN servers that will be used in the peer to peer connections
         stunServers: [
 
-             { urls: 'stun:{{ turn_domains | first }}:3478' },
+             { urls: 'stun:{{ jitsimeet_turn_domains | first }}:3478' },
             //{ urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' },
         ],
     },
@@ -1301,7 +1301,7 @@ var config = {
     // The URL of the moderated rooms microservice, if available. If it
     // is present, a link to the service will be rendered on the welcome page,
     // otherwise the app doesn't render it.
-    // moderatedRoomServiceUrl: 'https://moderated.{{ domains | first }}',
+    // moderatedRoomServiceUrl: 'https://moderated.{{ jitsimeet_domains | first }}',
 
     // If true, tile view will not be enabled automatically when the participants count threshold is reached.
     // disableTileView: true,

webapps/jitsimeet/templates/meet/interface_config.js.j2

@@ -63,7 +63,7 @@ var interfaceConfig = {
      */
     DISABLE_VIDEO_BACKGROUND: false,
 
-    DISPLAY_WELCOME_FOOTER: {{ welcome_footer }},
+    DISPLAY_WELCOME_FOOTER: {{ jitsimeet_welcome_footer }},
     DISPLAY_WELCOME_PAGE_ADDITIONAL_CARD: false,
     DISPLAY_WELCOME_PAGE_CONTENT: true,
     DISPLAY_WELCOME_PAGE_TOOLBAR_ADDITIONAL_CONTENT: false,

webapps/jitsimeet/templates/nginx/multiplex.conf.j2

@@ -1,7 +1,7 @@
 stream {
     map $ssl_preread_server_name $name {
-        {{ domains | first }} web_backend;
+        {{ jitsimeet_domains | first }} web_backend;
-        {{ turn_domains | first }} turn_backend;
+        {{ jitsimeet_turn_domains | first }} turn_backend;
     }
 
     upstream web_backend {

webapps/jitsimeet/templates/nginx/other.vhost.conf.j2

@@ -105,7 +105,7 @@ server {
       proxy_pass http://prosody/room-info?prefix=$prefix&$args;
       proxy_http_version 1.1;
       proxy_set_header X-Forwarded-For $remote_addr;
-      proxy_set_header Host {{ domains | first }};
+      proxy_set_header Host {{ jitsimeet_domains | first }};
   }
 
   location ~ ^/_api/public/(.*)$ {
@@ -130,7 +130,7 @@ server {
       proxy_pass http://$prosody_node/http-bind?prefix=$prefix&$args;
       proxy_http_version 1.1;
       proxy_set_header X-Forwarded-For $remote_addr;
-      proxy_set_header Host {{ domains | first }};
+      proxy_set_header Host {{ jitsimeet_domains | first }};
       proxy_set_header Connection "";
   }
 
@@ -141,7 +141,7 @@ server {
       proxy_http_version 1.1;
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";
-      proxy_set_header Host {{ domains | first }};
+      proxy_set_header Host {{ jitsimeet_domains | first }};
       tcp_nodelay on;
   }
 

webapps/jitsimeet/templates/nginx/vhost.conf.j2

@@ -33,7 +33,7 @@ map $arg_vnode $prosody_node {
 server {
   listen 80;
   listen [::]:80;
-  server_name {{ domains | first }} {{ turn_domains | first }};
+  server_name {{ jitsimeet_domains | first }} {{ jitsimeet_turn_domains | first }};
 
   # For certbot
   location ~ /.well-known/acme-challenge {
@@ -50,7 +50,7 @@ server {
 server {
   listen 8088 ssl http2;
   listen [::]:8088 ssl http2;
-  server_name {{ domains | first }};
+  server_name {{ jitsimeet_domains | first }};
   
   access_log /var/log/nginx/{{ service }}.access.log; # reduce I/0 with buffer=10m flush=5m
   error_log  /var/log/nginx/{{ service }}.error.log;
@@ -74,16 +74,16 @@ server {
   add_header Strict-Transport-Security "max-age=63072000" always;
   set $prefix "";
   set $custom_index "";
-  set $config_js_location /etc/jitsi/meet/{{ domains | first }}-config.js;
+  set $config_js_location /etc/jitsi/meet/{{ jitsimeet_domains | first }}-config.js;
-  set $interface_config_js_location /etc/jitsi/meet/{{ domains | first }}-interface_config.js;
+  set $interface_config_js_location /etc/jitsi/meet/{{ jitsimeet_domains | first }}-interface_config.js;
   set $welcome_page_additional_content_location /etc/jitsi/meet/welcomePageAdditionalContent.html;
 
   ##
   # Certificates
   # you need a certificate to run in production. see https://letsencrypt.org/
   ##
-  ssl_certificate     /etc/letsencrypt/live/{{ domains | first }}/fullchain.pem;
+  ssl_certificate     /etc/letsencrypt/live/{{ jitsimeet_domains | first }}/fullchain.pem;
-  ssl_certificate_key /etc/letsencrypt/live/{{ domains | first }}/privkey.pem;
+  ssl_certificate_key /etc/letsencrypt/live/{{ jitsimeet_domains | first }}/privkey.pem;
 
   root /usr/share/jitsi-meet;
 
@@ -240,10 +240,10 @@ server {
 
 ## Pour communiquer les stats colibri à un serveur externe Grafana 
 server {
-    listen {{ colibri_ext_port }}      ssl http2;
+    listen {{ jitsimeet_colibri_ext_port }}      ssl http2;
-    listen [::]:{{ colibri_ext_port }} ssl http2;
+    listen [::]:{{ jitsimeet_colibri_ext_port }} ssl http2;
 
-    server_name {{ domains | first }};
+    server_name {{ jitsimeet_domains | first }};
 
     # Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration
     ssl_protocols TLSv1.2 TLSv1.3;
@@ -256,8 +256,8 @@ server {
 
     add_header Strict-Transport-Security "max-age=63072000" always;
 
-    ssl_certificate     /etc/letsencrypt/live/{{ domains | first }}/fullchain.pem;
+    ssl_certificate     /etc/letsencrypt/live/{{ jitsimeet_domains | first }}/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/{{ domains | first }}/privkey.pem;
+    ssl_certificate_key /etc/letsencrypt/live/{{ jitsimeet_domains | first }}/privkey.pem;
 
     location / {
         proxy_pass http://127.0.0.1:8080;

webapps/jitsimeet/templates/prosody/virtualhost.cfg.lua.j2

@@ -1,13 +1,13 @@
 plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }
 
 -- domain mapper options, must at least have domain base set to use the mapper
-muc_mapper_domain_base = "{{ domains | first }}";
+muc_mapper_domain_base = "{{ jitsimeet_domains | first }}";
 
-external_service_secret = "{{ jitsi_meet_turn_secret }}";
+external_service_secret = "{{ jitsimeet_turn_secret }}";
 external_services = {
-     { type = "stun", host = "{{ turn_domains | first }}", port = 3478 },
+     { type = "stun", host = "{{ jitsimeet_turn_domains | first }}", port = 3478 },
-     { type = "turn", host = "{{ turn_domains | first }}", port = 3478, transport = "udp", secret = true, ttl = 86400, algorithm = "turn" },
+     { type = "turn", host = "{{ jitsimeet_turn_domains | first }}", port = 3478, transport = "udp", secret = true, ttl = 86400, algorithm = "turn" },
-     { type = "turns", host = "{{ turn_domains | first }}", port = 443, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" }
+     { type = "turns", host = "{{ jitsimeet_turn_domains | first }}", port = 443, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" }
 };
 
 cross_domain_bosh = false;
@@ -33,11 +33,11 @@ ssl = {
 }
 
 unlimited_jids = {
-    "focus@auth.{{ domains | first }}",
+    "focus@auth.{{ jitsimeet_domains | first }}",
-    "jvb@auth.{{ domains | first }}"
+    "jvb@auth.{{ jitsimeet_domains | first }}"
 }
 
-VirtualHost "{{ domains | first }}"
+VirtualHost "{{ jitsimeet_domains | first }}"
     authentication = "jitsi-anonymous" -- do not delete me
     -- Properties below are modified by jitsi-meet-tokens package config
     -- and authentication above is switched to "token"
@@ -48,13 +48,13 @@ VirtualHost "{{ domains | first }}"
     -- Note that old-style SSL on port 5223 only supports one certificate, and will always
     -- use the global one.
     ssl = {
-        key = "/etc/prosody/certs/{{ domains | first }}.key";
+        key = "/etc/prosody/certs/{{ jitsimeet_domains | first }}.key";
-        certificate = "/etc/prosody/certs/{{ domains | first }}.crt";
+        certificate = "/etc/prosody/certs/{{ jitsimeet_domains | first }}.crt";
     }
-    av_moderation_component = "avmoderation.{{ domains | first }}"
+    av_moderation_component = "avmoderation.{{ jitsimeet_domains | first }}"
-    speakerstats_component = "speakerstats.{{ domains | first }}"
+    speakerstats_component = "speakerstats.{{ jitsimeet_domains | first }}"
-    conference_duration_component = "conferenceduration.{{ domains | first }}"
+    conference_duration_component = "conferenceduration.{{ jitsimeet_domains | first }}"
-    end_conference_component = "endconference.{{ domains | first }}"
+    end_conference_component = "endconference.{{ jitsimeet_domains | first }}"
     -- we need bosh
     modules_enabled = {
         "bosh";
@@ -72,13 +72,13 @@ VirtualHost "{{ domains | first }}"
         "room_metadata";
     }
     c2s_require_encryption = false
-    lobby_muc = "lobby.{{ domains | first }}"
+    lobby_muc = "lobby.{{ jitsimeet_domains | first }}"
-    breakout_rooms_muc = "breakout.{{ domains | first }}"
+    breakout_rooms_muc = "breakout.{{ jitsimeet_domains | first }}"
-    room_metadata_component = "metadata.{{ domains | first }}"
+    room_metadata_component = "metadata.{{ jitsimeet_domains | first }}"
-    main_muc = "conference.{{ domains | first }}"
+    main_muc = "conference.{{ jitsimeet_domains | first }}"
-    -- muc_lobby_whitelist = { "recorder.{{ domains | first }}" } -- Here we can whitelist jibri to enter lobby enabled rooms
+    -- muc_lobby_whitelist = { "recorder.{{ jitsimeet_domains | first }}" } -- Here we can whitelist jibri to enter lobby enabled rooms
 
-Component "conference.{{ domains | first }}" "muc"
+Component "conference.{{ jitsimeet_domains | first }}" "muc"
     restrict_room_creation = true
     storage = "memory"
     modules_enabled = {
@@ -90,14 +90,14 @@ Component "conference.{{ domains | first }}" "muc"
         "muc_rate_limit";
         "muc_password_whitelist";
     }
-    admins = { "focus@auth.{{ domains | first }}" }
+    admins = { "focus@auth.{{ jitsimeet_domains | first }}" }
     muc_password_whitelist = {
-        "focus@auth.{{ domains | first }}"
+        "focus@auth.{{ jitsimeet_domains | first }}"
     }
     muc_room_locking = false
     muc_room_default_public_jids = true
 
-Component "breakout.{{ domains | first }}" "muc"
+Component "breakout.{{ jitsimeet_domains | first }}" "muc"
     restrict_room_creation = true
     storage = "memory"
     modules_enabled = {
@@ -107,25 +107,25 @@ Component "breakout.{{ domains | first }}" "muc"
         "muc_rate_limit";
         "polls";
     }
-    admins = { "focus@auth.{{ domains | first }}" }
+    admins = { "focus@auth.{{ jitsimeet_domains | first }}" }
     muc_room_locking = false
     muc_room_default_public_jids = true
 
 -- internal muc component
-Component "internal.auth.{{ domains | first }}" "muc"
+Component "internal.auth.{{ jitsimeet_domains | first }}" "muc"
     storage = "memory"
     modules_enabled = {
         "muc_hide_all";
         "ping";
     }
-    admins = { "focus@auth.{{ domains | first }}", "jvb@auth.{{ domains | first }}" }
+    admins = { "focus@auth.{{ jitsimeet_domains | first }}", "jvb@auth.{{ jitsimeet_domains | first }}" }
     muc_room_locking = false
     muc_room_default_public_jids = true
 
-VirtualHost "auth.{{ domains | first }}"
+VirtualHost "auth.{{ jitsimeet_domains | first }}"
     ssl = {
-        key = "/etc/prosody/certs/auth.{{ domains | first }}.key";
+        key = "/etc/prosody/certs/auth.{{ jitsimeet_domains | first }}.key";
-        certificate = "/etc/prosody/certs/auth.{{ domains | first }}.crt";
+        certificate = "/etc/prosody/certs/auth.{{ jitsimeet_domains | first }}.crt";
     }
     modules_enabled = {
         "limits_exception";
@@ -133,22 +133,22 @@ VirtualHost "auth.{{ domains | first }}"
     authentication = "internal_hashed"
 
 -- Proxy to jicofo's user JID, so that it doesn't have to register as a component.
-Component "focus.{{ domains | first }}" "client_proxy"
+Component "focus.{{ jitsimeet_domains | first }}" "client_proxy"
-    target_address = "focus@auth.{{ domains | first }}"
+    target_address = "focus@auth.{{ jitsimeet_domains | first }}"
 
-Component "speakerstats.{{ domains | first }}" "speakerstats_component"
+Component "speakerstats.{{ jitsimeet_domains | first }}" "speakerstats_component"
-    muc_component = "conference.{{ domains | first }}"
+    muc_component = "conference.{{ jitsimeet_domains | first }}"
 
-Component "conferenceduration.{{ domains | first }}" "conference_duration_component"
+Component "conferenceduration.{{ jitsimeet_domains | first }}" "conference_duration_component"
-    muc_component = "conference.{{ domains | first }}"
+    muc_component = "conference.{{ jitsimeet_domains | first }}"
 
-Component "endconference.{{ domains | first }}" "end_conference"
+Component "endconference.{{ jitsimeet_domains | first }}" "end_conference"
-    muc_component = "conference.{{ domains | first }}"
+    muc_component = "conference.{{ jitsimeet_domains | first }}"
 
-Component "avmoderation.{{ domains | first }}" "av_moderation_component"
+Component "avmoderation.{{ jitsimeet_domains | first }}" "av_moderation_component"
-    muc_component = "conference.{{ domains | first }}"
+    muc_component = "conference.{{ jitsimeet_domains | first }}"
 
-Component "lobby.{{ domains | first }}" "muc"
+Component "lobby.{{ jitsimeet_domains | first }}" "muc"
     storage = "memory"
     restrict_room_creation = true
     muc_room_locking = false
@@ -159,6 +159,6 @@ Component "lobby.{{ domains | first }}" "muc"
         "polls";
     }
 
-Component "metadata.{{ domains | first }}" "room_metadata_component"
+Component "metadata.{{ jitsimeet_domains | first }}" "room_metadata_component"
-    muc_component = "conference.{{ domains | first }}"
+    muc_component = "conference.{{ jitsimeet_domains | first }}"
-    breakout_rooms_component = "breakout.{{ domains | first }}"
+    breakout_rooms_component = "breakout.{{ jitsimeet_domains | first }}"

webapps/jitsimeet/templates/videobridge/jvb.conf.j2

@@ -9,7 +9,7 @@ videobridge {
     }
     websockets {
         enabled = true
-        domain = "{{ domains | first }}:443"
+        domain = "{{ jitsimeet_domains | first }}:443"
         tls = true
     }
     apis {

webapps/jitsimeet/templates/videobridge/sip-communicator.properties.j2

@@ -1,13 +1,13 @@
 org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
-org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES={{ turn_domains | first }}:3478
+org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES={{ jitsimeet_turn_domains | first }}:3478
 org.jitsi.videobridge.ENABLE_STATISTICS=true
 org.jitsi.videobridge.STATISTICS_TRANSPORT=muc,colibri
 org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost
-org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.{{ domains | first }}
+org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.{{ jitsimeet_domains | first }}
 org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
-org.jitsi.videobridge.xmpp.user.shard.PASSWORD={{ jitsi_meet_jvb_secret }}
+org.jitsi.videobridge.xmpp.user.shard.PASSWORD={{ jitsimeet_jvb_secret }}
-org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.{{ domains | first }}
+org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.{{ jitsimeet_domains | first }}
-org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME={{ jitsi_meet_jvb_muc_nick }}
+org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME={{ jitsimeet_jvb_muc_nick }}
 #org.jitsi.videobridge.rest.jetty.ResourceHandler.alias./static/welcomePageAdditionalContent.html=/usr/share/jitsi-meet/static/welcomePageAdditionalContent.html
 # Switches off the BWE mechanism.
 #org.jitsi.videobridge.TRUST_BWE=false